Managing S3 access keys

Each user of an S3 tenant account must have an access key to store and retrieve objects on the StorageGRID Webscale system. An access key consists of an access key ID and a secret access key.

About this task

S3 access keys can be managed as follows:

Users who have the Manage Your Own S3 Credentials permission can create or remove their own S3 access keys.

Users who have the Root Access permission can manage the access keys for the S3 root account, and all other users. Root access keys provide also provide full access to the tenant’s buckets and objects unless explicitly disabled by a bucket policy.

StorageGRID Webscale supports Signature Version 2 and Signature Version 4 authentication. Cross-account access is not permitted unless explicitly enabled by a bucket policy.

Choices

Creating your own S3 access keys
If you are using an S3 tenant and you have the appropriate permission, you can create your own S3 access keys. You must have an access key to access your buckets and objects in the S3 tenant account.

Removing your own S3 access keys
If you are using an S3 tenant and you have the appropriate permission, you can remove your own S3 access keys. After an access key is removed, it can no longer be used to access the objects and buckets in the tenant account.

Removing another user's S3 access keys
If you are using an S3 tenant and you have appropriate permissions, you can remove another user's S3 access keys. After an access key is removed, it can no longer be used to access the objects and buckets in the tenant account.